Organizational Challenges in Cloud Adoption and Enablers of Cloud Transition Program By Sneha Rajendran Post Graduate Diploma in Management, XLRI School of Business and Human Resources, 2011 SUBMITTED TO THE MIT SLOAN SCHOOL OF MANAGEMENT IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF SCIENCE IN MANAGEMENT STUDIES AT THE MASSACHUSETTS INSTITUTE OF TECHNOLOGY JUNE 2013 MASSACHOSETTS INSTfl1UriE OF TECHNOLOGY MAY 3 0 2013 © 2013 Sneha Rajendran. All Rights Reserved. The author hereby grants to MIT permission to reproduce and to distribute publicly paper and electronic copies of this thesis document in whole or in part in any medium now known or hereafter created. LIBRARIES Signature of Author: Sneha Rajendran MIT Sloan School of Management May 10, 2013 Certified By:, -- -I- I1 - Stuart E. Madnick John Norris M aguire Professor of Information Technologies, MIT Sloan School of Management & Professor of Engineering Systems, MIT School of Engineering Thesis Advisor Accepted By: I . U) Michael A. Cusumano SMR Distinguished Professor of Management Program Director, M.S. in Management Studies Program MIT Sloan School of Management 1 Organizational Challenges in Cloud Adoption and Enablers of Cloud Transition Program By Sneha Rajendran Submitted to the MIT Sloan School of Management on May 10, 2013 in partial fulfillment of the requirements for the degree of Master of Science in Management Studies ABSTRACT With the proliferation of cloud computing, organizations have been able to get access to never seen before computing power and resources. Cloud computing has revolutionized the utilization of computing resources through automatic provisioning and release, fostered greater collaboration among the stakeholders in the organization and improved the overall business performance. The implementation of cloud in an organization however brings in changes in the IT and business operations. These shifts pose challenges related to governance, security, dependency and changes in the roles and responsibilities of employees working in the business and IT functions of the organization. This study looks into some of the challenges an organization moving to the cloud faces and using an example of a large financial institution, tries to determine the organizational structures and processes that facilitate and enable a smooth transformation. The paper also illustrates the interaction between the different factors that influence cloud adoption using the system dynamics approach. A set of causal loops that demonstrates the relationship between the different factors has been developed. The effects of these loops have then been aggregated and an abstracted version of an adoption model has been developed. Based on the findings from research articles, existing organizational literature and the case of the large financial institution conclusions have been drawn from an organizational, managerial and non-managerial employee perspectives. Thesis Advisor: Stuart E. Madnick Title: John Norris Maguire Professor of Information Technologies, MIT Sloan School of Management & Professor of Engineering Systems, MIT School of Engineering 3 [Page intentionally left blank] 4 ACKNOWLEDGEMENTS First of all, I would like to thank my advisor Dr. Stuart Madnick for advising me and giving me an opportunity to work on this interesting problem. He had been a great source of support and guidance through my time here at MIT Sloan. A sincere thanks also goes to Dr. Allen Moulton, Research Scientist at the MIT Engineering Systems Division for his great insights, constant feedback and continuous encouragement, which was invaluable. The exchange of ideas from our frequent interactions and the pointers to various articles and journals he has sent helped me greatly in formulating the problem statement and coming up with a sound analysis. I would like to specially thank James Houghton, Research Associate at MIT Sloan for his great insights and critical feedback in conceptualizing my system dynamics model and analyzing the simulation results. I would also like to thank all the members of Dr. Madnick's research group for their continuous feedback and support. This effort would definitely not have been possible without the support of the wonderful Masters in Management Studies (MSMS) community led by Chanh Q Phan and Julia Sargeaunt and all my classmates who constantly encouraged and motivated each other to excel. We had numerous events, boot camps and forums to facilitate exchange of ideas, which was immensely helpful. A special thanks also goes to the MSMS Program Director Dr. Michael A. Cusumano for giving me an opportunity to participate in this wonderful program and be a part of the MIT Sloan Community. The time spent here was truly a transformative experience and I had the pleasure of learning from some of the greatest minds in management studies. Last but not least, I would like to thank my parents and my brother for supporting my academic endeavors and giving me full freedom to pursue my interests and my husband, who is a constant source of support and encouragement in all my undertakings. 5 [Page intentionally left blank] 6 TABLE OF CONTENTS AB STR A CT ............................................................................................................................................................. 3 A CKN O W LE D GEM E NTS ................................................................................................................................. 5 1. IN T ROD U C TIO N ............................................................................................................................................. 9 2. LITE R A T U RE REVIEW ............................................................................................................................. STAKEHOLDER THEORY .................................................................................................................................................... RESOURCE D EPENDENCY THEORY ................................................................................................................................ A GENCY THEORY.................................................................................................................................................................10 IT G OVERNANCE THEORY.................................................................................................................................................11 ENDOW M ENT EFFECT AND STATUS QUO BIAS ........................................................................................................... O UTSOURCING ...................................................................................................................................................................... 3. C L OU D C O M PU T IN G ................................................................................................................................. D EFINITION ............................................................................................................................................................................ BENEFITS OF CLOUD............................................................................................................................................................17 CHALLENGES IN CLOUD ADOPTION................................................................................................................................ 10 10 10 12 12 14 14 17 4. CASE OF A LARGE FINANCIAL INSTITUTION MOVING TO HYBRID CLOUD.......20 ORGANIZATIONAL CHANGES IN HYBRID CLOUD DEPLOYMENT ....................................................................... ANALYSIS USING INFORMATION SYSTEMS AND ORGANIZATIONAL THEORIES .......................................... 5. SYSTEMS MODEL OF CLOUD ADOPTION .................................................................................. INTRODUCTION TO SYSTEM D YNAM ICS....................................................................................................................... SYSTEM S M ODEL OF CLOUD A DOPTION...................................................................................................................... SIM PLIFIED MODEL AND SIM ULATION RESULTS ................................................................................................. 6. C O N C LU SIO N ............................................................................................................................................... 25 27 32 32 33 41 45 ORGANIZATIONAL IM PLICATIONS..................................................................................................................................45 MANAGERIAL IMPLICATIONS...........................................................................................................................................45 N ON-M ANAGERIAL IMPLICATIONS................................................................................................................................46 7. FU TU RE W O RK ............................................................................................................................................ 47 8. R E FERE N C E S................................................................................................................................................ 48 7 LIST OF FIGURES FIGURE FIGURE FIGURE FIGURE 1:PUBLIC CLOUD DEPLOYMENT MODEL I .................................................................................. 15 2: PUBLIC CLOUD DEPLOYMENT MODEL 11............................................................................... 15 3: STRUCTURE OF IT ORGANIZATION.......................................................................................... 21 4: IT GOVERNANCE ARRANGEMENT MATRIX AT THE LARGE FINANCIAL INSTITUTION (BEFORE 200 1) (WEILL & ROSS, 2004)............................................................................................................. FIGURE 5: IT SHARED SERVICES AT THE LARGE FINANCIAL INSTITUTION ............................................. FIGURE 6: NEW IT GOVERNANCE ARRANGEMENT MATRIX AT THE LARGE FINANCIAL INSTITUTION (AFTER 2001) (W EILL & Ross, 2004) ............................................................................................ FIGURE FIGURE FIGURE FIGURE FIGUR E FIGURE FIGURE FIGURE FIGURE FIGURE FIGURE 7: COMPONENTS OF SYSTEMS MODEL ........................................................................................ 8: REINFORCING AND BALANCING LooPs .................................................................................. 9: REDUNDANCY REDUCTION ........................................................................................................ 10: ENDOW M ENT EFFECT BIAS ................................................................................................... 11: O W NER SHIP R ISK S.................................................................................................................... 12: OW NERSHIP RISK M ITIGATION ............................................................................................. 13: IMPACT OF OUTSOURCING ON CONTROL RIGHTS, COST AND ACCESS TO EXPERTS ............... 14: LABOR DYNAMICS RESULTING FROM OUTSOURCING.......................................................... 15: DEPENDENCY RISKS FROM OUTSOURCING........................................................................... 16: O N THE JOB LEARNIN G ............................................................................................................ 17: A SYSTEMS MODEL OF CLOUD ADOPTION........................................................................... 22 23 23 32 32 34 34 35 36 38 39 40 41 42 LIST OF GRAPHS GRAPH 1: BEHAVIOR OF ADOPTION WHEN IMPACT OF ADOPTION HIGH AND INITIAL MANAGEMENT SUPPO R T HIG H ..................................................................................................................................... GRAPH 2: BEHAVIOR OF MANAGEMENT SUPPORT WHEN IMPACT OF ADOPTION HIGH AND INITIAL MANAGEM EN T SUPPORT HIGH ............................................................................................................ GRAPH 3: BEHAVIOR OF ADOPTION WHEN IMPACT OF ADOPTION HIGH AND INITIAL MANAGEMENT SUPPO R T L O W ..................................................................................................................................... GRAPH 4: BEHAVIOR OF MANAGEMENT SUPPORT WHEN IMPACT OF ADOPTION HIGH AND INITIAL MANAGEM EN T SUPPORT LOW ............................................................................................................. GRAPH 5: BEHAVIOR OF ADOPTION WHEN IMPACT OF ADOPTION LOW AND INITIAL MANAGEMENT SUPPO R T H IG H ..................................................................................................................................... GRAPH 6: BEHAVIOR OF MANAGEMENT SUPPORT WHEN IMPACT OF ADOPTION LOW AND INITIAL MANAGEM EN T SUPPORT HIGH ............................................................................................................ GRAPH 7: BEHAVIOR OF ADOPTION WHEN IMPACT OF ADOPTION LOW AND INITIAL MANAGEMENT SUPPO R T L O W ..................................................................................................................................... GRAPH 8: BEHAVIOR OF MANAGEMENT SUPPORT WHEN IMPACT OF ADOPTION LOW AND INITIAL MAN A GEM EN T SUPPO RT LO W .................................................................................................................................................. 8 43 43 43 43 44 44 44 44 1. INTRODUCTION Technology is increasingly being used by organizations across industries to enable and improve their business performance. One of the technological innovations that has revolutionized the way people and businesses work in today's world is cloud computing. Organizations are increasing their consumption of cloud based services for a myriad of reasons - embracing new business opportunities, improving their current business performance, responding to crisis situations, changing their current business model and so forth. Irrespective of the motivation to adopt cloud, it is interesting to note that the transition from legacy IT systems to cloud is complex and a concerted approach from multiple parties within the organization is required to extract the benefits of cloud based services. This study starts by looking into existing literature on organizational and information systems research. The theories provide a framework of factors that will later be used to analyze cloud deployment in organizations. Chapter 2: Literature Review, explains the theories that relate to the challenges in the cloud adoption program both from an organizational as well as an individual employee's perspective. Some of the theories that are relevant to the organizational problems of cloud adoption are: Stakeholder theory, Agency theory, Resource Dependency theory, IT Governance theory and Outsourcing theory. Additionally, Daniel Kahneman's and Amos Tversky's work on loss aversion, endowment effect and status quo bias are used to explain the resistance towards cloud adoption by stakeholders within the organization. Chapter 3: Cloud Computing, gives a brief overview about cloud computing, the benefits of moving to the cloud and the risks and roadblocks an organization will face in the process of implementing the cloud adoption program. Using data from the theories, research and practitioner articles of the previous two chapters, in Chapter 4: The case of a Large Financial Institution (LFI) that recently moved to cloud is examined. The transformations in the IT function of the LFI over a period of 10 years are analyzed and the organizational structures and processes that facilitated a smooth transition to the cloud are determined. Based on the observations and insights obtained from the case, theories and practitioner articles, in Chapter 5: Systems Model of Cloud Adoption, a systems model that captures the interactions between the various factors is mapped out and the key levers in the cloud implementation process are identified. Using the comprehensive analysis done in the paper, the organizational, managerial and non-managerial implications of cloud adoption are captured in the conclusion chapter. 9 2. LITERATURE REVIEW This chapter examines the theories and phenomenon used later in the thesis to analyze the organizational change and the dynamics that result between the stakeholders within and outside the organization as a result of cloud adoption. The subset of organizational and information systems theories that are considered are - Stakeholder theory, Resource Dependency theory, Agency theory and IT Governance theory. In addition, the impact of endowment effect, status quo bias and factors influencing outsourcing are also studied. Stakeholder Theory As per Mitchell et al, there are three attributes that define the salience and criticality of the claims made by the members of an organization. The three attributes are power, legitimacy and urgency. Power defines the relationship between two social actors and the extent to which one can influence the other. Legitimacy defines the degree to which the claims proposed by the stakeholder are in conformation with the accepted norms and rules. Urgency is the extent to which the claims made by the stakeholders need immediate action. The combination of the attributes possessed by a stakeholder will determine the importance of the claims; and in case of competing stakeholder claims, the power, legitimacy and urgency wielded by a stakeholder will enable prioritization of the claims and choose the one that needs to be addressed first. The theory however notes that the level of power, legitimacy and urgency held by the stakeholders is not absolute. This dynamism results in the evolution of relationship between the stakeholders and thereby the saliency and the criticality of the claims made (Mitchell, Agle, & Wood, 1997). Resource Dependency Theory The resource-based theory takes an inward looking approach to a firm by identifying those resources and capabilities that differentiate a firm from others in the industry (Wernerfelt, 1984; Wernerfelt, 1995). The unique resources are considered to be a source of power and pivotal in creating competitive advantage to the firm. However not all firms have the resources needed to meet its requirements and as a result become dependent on sources external to the organization to their demands. This need to procure resources from a third party results in the formation of a relationship between the buyer and seller of a resource thereby creating interdependence between the two parties involved (Pfeffer & Salancik, 2003). As noted in the resource based view of the firm, possession of certain resources create a notion of power; when an organization is dependent on another firm for certain resources, it creates a power imbalance and the two parties form interdependent relationships. (Casciaro & Piskorski, 2004). It is interesting to note that the importance of the resource, the availability of substitutes and alternatives to the resource and the cost of switching between the suppliers of the resource characterize the dependence of one organization on the other. Organizations that are dependent on third parties for certain resources are cognizant of the interdependence and the imbalance in power; and as a way to mitigate the risks, form contracts and relationships with multiple vendors. Certain organizations also resort to cooptation models like joint ventures, mergers and acquisitions to reduce uncertainty and other risks associated with power imbalance and interdependence (Pfeffer & Salancik, 2003). Agency Theory The principal agent theory is another organizational theory that can be used to study the interactions between two parties - principal and agent. Principal is the party that delegates work to the agent who then performs the task for the principal (Jensen & Meckling, 1976). The theory suggests that there is asymmetric information between the principal and the agent, causing the agent to behave in a manner that maximizes its own interests rather than that of the principal. As per Kathleen M. Eisenhardt, in any 10 principal agent relationship - outcome uncertainty, risk aversion by principal and agent, inability in predicting the behavior of the agent, measurability of the outcome and length of the contract form crucial factors in defining the relationship between the two parties(Eisenhardt, 1989). Extending the transaction cost economics theory to the above observation, the agency costs that a principal incurs can be classified into: (1) Search costs: The principal invests time and resources in the search phase to ensure the quality of services provided by the agent. To reduce the uncertainty and the dependence on a single agent, the principal diversifies its risks by forming contracts with multiple agents. These actions involve time, effort and investment of resources for the principal. (2) Bargainingcosts: To ensure measurability, the principal will prefer outcome-based rather than behavior-based contract. The contract will clearly spell out the standards of performance expected along with the time period for which the contract can be enforced. This requirement results in negotiation between the two parties involved and the principal will incur bargaining costs. (3) Policingand enfbrcing costs: These are the costs incurred to reduce risks and ensure that both the parties abide by the terms and conditions stipulated in the contract (Dahlman, 1979; Eisenhardt, 1989; Rindfleisch & Heide, 1997). IT Governance theory According to Peter Weill, "IT Governance helps in specifying the decision rights and accountability framework to encourage desired behavior in the use of IT" (Weill & Ross, 2004). An IT governance structure is important because, IT in addition to being expensive and all pervasive within an organization has the potential to help organizations identify new business opportunities. A governance structure will help an organization maximize the benefits from the IT investments and improve the overall organizational understanding about IT (Weill & Ross, 2004). The IT related decision-making within an organization can be classified into five categories (Weill & Ross, 2004) 1. IT Principles: This decision includes defining the IT roadmap for the organization. To elaborate, the IT principles define the objectives and goals of the IT function against each of roles performed by the function. For instance, it will include the goal for the IT spend within the enterprise, new applications that will be rolled out, changes that will be made in the existing IT architecture and infrastructure. 2. IT Architecture: The key role of IT Architecture is to enforce the desired level of data and process standardization in the IT function and also define the technology that will facilitate the achievement of targets set in the IT principles. 3. IT Infrastructure: IT infrastructure is the building block of the IT function within an organization and includes hardware components (like workstations, laptops, tablets, servers), software, business application tools (like customer relationship management systems, supply chain management systems, HR systems, finance and the like). The decisions relating to IT infrastructure include budgeting and investment decisions, maintenance of existing systems and decisions related to ensuring security and mitigating risks in the existing IT infrastructure. 4. Business Application Needs: All the five IT decisions relate to how businesses can effectively use IT to create additional value. But this specific decision focuses exclusively on what new applications can be developed to created additional value to the customers. This decision-making requires a balance between creativity and discipline, because creativity helps in thinking out of the box and coming up with innovative ways of introducing IT solutions while discipline helps in ensuring the creative solutions are in compliance with the standards and norms enforced within the organization. 11 5. IT Investments: The decisions related to IT investments are threefold - determining the IT budget for the organization, prioritizing and identifying the IT projects in which the money can be spent and balancing the needs of the different businesses and processes. The group of people responsible for driving the above decisions can be classified into the following organizational archetypes. They can be responsible for either driving the final decision or providing input that facilitates the decision making process (Weill & Ross, 2004). 1. Business Monarchy: In this archetype, the decision rights are concentrated among a group of business or individual executives, and may include the CIO. Executives from the IT team can also be part of the committee that makes the decisions but these IT executives cannot act independently. 2. IT Monarchy: This archetype comprises of individuals from the IT function and they are responsible for driving all IT related decision-making. 3. Feudal: In the feudal archetype, each business unit, process owner has its own IT function and make independent decisions. 4. Federal: In the federal model, business leaders, C-level executives from the corporate and IT executives work together to define the IT roadmap and drive the IT decisions. 5. IT Duopoly: In the IT Duopoly model, the IT function works in cohesion with another group business unit or process owner or corporate executive to meet the IT requirements. 6. Anarchy: This is an extreme case where each individual employee within the organization has the autonomy to define and execute the IT requirements. Endowment effect and status quo bias According to psychologists Daniel Kahneman and Amos Tversky, when human beings are presented with choices their behavior can be characterized using four factors. First, when evaluating the alternatives, people use a subjective approach rather than an objective one. Second, people use the existing product or the service as their frame of reference and compare the alternatives based on the attributes of the current product or service. Third, based on the comparison if there are any enhancements in the new product or service, people perceive it as a gain and if there are any disadvantages, people perceive it as a loss. Finally, people are loss averse (i.e.) losses leave a negative impact in the minds of the people. This loss aversion effect causes people to value the products, services and other materials they currently possess more than the alternatives, resulting in a behavior called endowment effect (Kahneman, Knetsch, & Thaler, 1990; Kahneman, Knetsch, & Thaler, 1991; Thaler, Tversky, Kahneman, & Schwartz, 1997; Tversky & Kahneman, 1991). Kahneman and Tversky's loss aversion theory can also be used to explain the status quo bias that some people demonstrate. When people are accustomed to using certain products or services, their willingness to give up the existing product/service even for a better alternative decreases with time (Samuelson & Zeckhauser, 1988). In this thesis, the above theories and phenomena are used to analyze the different behaviors stakeholders demonstrate when the decision to move to cloud is made. Outsourcing Another theory that is relevant in cloud adoption is outsourcing. Certain aspects of cloud operations are analogous to an outsourcing model and hence it is important to understand the strategic implications of adopting cloud-based services. According to a study conducted by Nabeel A.F. Al Qirim, the main reasons an organization opts for outsourcing specific services are access to experts, get higher quality service from the outsourcer, access to new technology and cost reduction (Al-Qirim, 2012). Although it is 12 commonly perceived that lack of in-house capability or skills is one of the primary reasons for availing services from a third party, it is interesting to note that this factor was not one of the top five drivers of outsourcing. Other motivations for outsourcing include gaining competitive advantage, rolling out new IT projects in a short period of time and organizational restructuring and downsizing. Al Qirim also studied the situations when organizations prefer the outsourcing model. Easy access to additional capacity is one of the primary motivators of outsourcing; this is followed by crisis situation in the external environment that pushes companies to opt for outsourcing as a means to reduce cost. Additionally, availability of new technology or software in the market and incapacity of the internal staff to perform the task cause organizations to seek help from external environment. Thus there are several advantages that an organization can benefit from by opting to outsource. However, the outsourcing model poses certain challenges and it is important that organizations exercise caution to the following: (1) sufficient due diligence both in the choice of the supplier and the product/service offered (2) drafting the contract effectively and ensuring there are provisions to address under-performance/non-performance by the supplier (3) sufficient funds to pay the service provider (4) avoiding over dependence on a single outsourcer and (5) building adequate skills in vendor management which includes contract negotiation, conflict management (Al-Qirim, 2012). The theories that have been briefed in this chapter will be used later in this paper to analyze and identify the key factors that influence cloud adoption programs in organizations. The next chapter gives a brief overview about cloud computing, the various deployment and service models that are available, the advantages of cloud systems and finally the challenges they pose. 13 3. CLOUD COMPUTING There are several definitions of cloud computing that exist in today's literature and research papers. This paper uses the definition proposed by National Institute of Standards and Technology, as it closely mirrors the characteristics of cloud and the unique advantages cloud provides over other IT systems. Definition In September 2011, the National Institute of Standards and Technology (NIST) defined cloud computing as "a model that provides ubiquitous, convenient, on-demand network access to a shared pool of computing resources like servers, networks, storage, applicationsand services with minimal management efbrt and service provider interaction" (Mell & Grance, 2011). According to Mell and Grance, cloud poses five characteristics namely: 1. On-demand self-service and elasticity: Depending on the demand for resources, the user can rapidly provision as well as release the resources.. Based on the resource requirements, a user can automatically provision as well release the computing resources with minimum involvement of the service provider. 2. Broad network access: The resources on the cloud can be accessed from anywhere over the network and using multiple platforms like mobile, tablets, laptops and workstations. 3. Resource pooling: Cloud is based on a multi-tenant model where the resources are pooled and assigned to multiple users depending on the demand for these resources. 4. Measured service: The user can easily monitor the utilization of the computing resources. The user in addition can track, report and optimize the usage of the computing resources. The NIST report on Cloud Computing definition also describes the deployment and service models of cloud (Mell & Grance, 2011). According to Mell and Grance there are four types of cloud deployment models, namely: 1. Private: In the private cloud deployment model, the cloud services are deployed exclusively for the use of consumers within the organization. The cloud infrastructure will be managed by the internal IT function within the organization or by an external cloud service provider or a combination of both. This model is typically used when organizations have sensitive data and are skeptical of hosting their information on a third party's infrastructure. 2. Community: In the community cloud deployment model, the cloud services are provisioned for a community of users from multiple organizations that have a shared concern. Here again, the cloud infrastructure can be managed by the internal IT function of the organizations that are part of the community or by an external cloud service provider or a combination of This model is typically used when the organizations in the community are working towards a common mission and could benefit from sharing the cloud services among them. 3. Public: In the public cloud deployment model, the cloud service is provided for the use of the general public. In this case the service provider manages the cloud infrastructure and the infrastructure exists on the service provider's premises. This model is used when the organization wants to leverage on the expertise of a cloud service provider and wants to deploy the cloud environment at the earliest. a. Forms of public cloud deployment In the implementation of public cloud, two main stakeholders - business and enterprise IT organization are considered. When going for the public cloud, businesses have two choices - (1) 14 approach the cloud service provider directly bypassing the internal IT organization or (2) approach the cloud service provider through the internal IT organization. Depending on the medium used, the internal processes, responsibilities and skillsets of the employees go through a change (Goles & Chin, 2005; Grover, Cheon, & Teng, 1995). Consider the first case where the business deals directly with an external cloud provider. This option is used when the business is not satisfied with the quality of service provided by the enterprise IT team and approaches a third party vendor to meet its IT needs. As indicated in Figure 1, businesses communicate directly with the vendors for their cloud requirements, some of the existing roles within the IT function are exposed to the risk of becoming obsolete. In addition there is a cultural shift within the organization as there is a change in the control rights, decision rules and governance structure because decisions related to cloud operations are completely handled by the businesses and the IT has little role to play. Business Cloud Service Provider K2- Figure 1:Public Cloud Deployment Model I Changes in the roles and responsibilities: As the businesses deal with the external cloud service provider, they are now responsible for vendor management - evaluation of vendors, drafting contracts, identifying potential risks and the means to mitigate them. Businesses are also liable of ensuring data security and compliance of all rules and regulations by third party. They are also accountable for overseeing the cloud operations and monitoring the performance of the cloud services. To meet the above-mentioned changes in the responsibilities of businesses, the employees need to develop new skills - sourcing of vendors, contract management, IT risk assessment and cloud operations. This could cause certain stakeholders to resist the change especially among those who lose certain rights and privileges they were previously endowed with Changes in the internalprocesses: In this option, as the business bypasses the internal IT team, it is the main driver of IT decisions such as identification of IT requirements, implementation of IT projects for the business and IT investments. In addition, all processes related to co-ordination with the external cloud provider will be directed through the business. Next, the scenario where the business uses the IT organization within the enterprise to look for an appropriate cloud service provider, as depicted in Figure 2 is examined. This is used when the internal IT organization doesn't have the necessary skills in cloud operations and the business would like to leverage on the external expertise with the help of the internal IT organization. Business Internal IT Organization Figure 2: Public Cloud Deployment Model II 15 <- Cloud Service Provider Unlike the previous case where the IT organization cedes most of its control either to business or cloud vendor, here the IT retains partial if not complete control over the IT resources of the firm. Depending on the cloud service opted for - SaaS/PaaS/IaaS the extent of shift in control varies. Regardless of the kind of service, the move to cloud brings in changes of existing roles with some roles becoming irrelevant. Also the adoption of cloud purports changes in business processes, decision rules, governance structure and challenge the status quo in the existing organization. This could cause certain stakeholders to resist the change and this defiance will be manifested more among the stakeholders who lose certain rights and privileges they were previously endowed with. Changes in the roles and responsibilities: As the IT organization serves as the interface between businesses and third party cloud providers, the responsibilities of establishing vendor relationships, evaluating vendors, formalizing contracts and overseeing the services provided by the third party fall under the ambit of the IT organization. To meet the demands of cloud environment the IT function should have a sound understanding of the different businesses within the organization, the processes and tasks within each of these businesses and how the actions of one business impacts the other businesses, functions and the overall enterprise. The IT function also needs to ensure data security and compliance with all rules and regulations. They are also accountable for overseeing the cloud operations and monitoring the performance by tracking cloud efficiency - (i.e.) determining if the company is getting the most value from its cloud investments, understanding cloud economics and driving for cost efficiency. Changes in the internal processes: In this option, the business is still the main driver of the decisions relating to IT solutions. Hence the tasks related to making strategic choices as well as implementation of IT activities within the organization will be routed through the business. On the other hand, the IT function will serve as an interface between the business and the third party and will monitor the operations and efficiency of the system. Using their expertise in technology, the internal IT team will actively engage in identifying the IT needs of the businesses and partner with the external cloud provider to deliver the same. Thus any task that involves co-ordination between the third party and the business will be handled by the IT function. 4. Hybrid: In the hybrid cloud deployment model, the organization makes use of a combination of private, public and community deployment models. An organization that uses a hybrid model has a separate cloud infrastructure for each of the deployment models used and enforces technology standards to enable data and application portability across the deployment models. This combination model is used by organizations that have both heavily regulated businesses where security and compliance to standards is of paramount importance and also businesses that are outside the regulatory bodies. Additionally, an organization that has private cloud as its primary model can make use of cloud based services provided by a third party when there are sudden surges in workload and when there is a need for additional processing capacity on a temporary basis. For the purposes of discussion, this thesis refers to the private, public and hybrid cloud deployment models. Next, the three types of cloud service models are discussed (Mell & Grance, 2011): 1. Infrastructure as a Service (IaaS): It enables users to provision processing, network, storage and other basic computing resources. The user does not have control over the cloud infrastructure but has control over the operating systems, applications and other storage components on the infrastructure. 16 2. 3. Platform as a Service (PaaS): The user can deploy applications (both user-created and off the shelf applications) on the cloud infrastructure. The user has control only over the applications and not on the infrastructure, operating systems, servers and other storage components. Software as a Service (SaaS): The consumer makes use of the applications deployed by the provider in the cloud infrastructure over a thin or think client. The user cannot control the cloud infrastructure, operating systems, servers or the applications, although in certain cases, the user is allowed to make changes to the configuration of the applications. Thus, the previous sections examined the definition, characteristics, deployment and service models of cloud. In the next section, the benefits of cloud computing and the challenges an organization will face when adopting cloud based services are discussed. Benefits of cloud Based on the five characteristics of cloud discussed previously, an organization can realize the following benefits by moving to the cloud (Armbrust et al., 2010). 1. Agility: The on-demand self-service capability allows users to automatically provision and release the computing resources thereby resulting in an IT system that is nimble and able to meet the computing and storage requirements of the businesses. 2. Accessibility: The broad based network access allows users to access the computing resources from anywhere in the network using multiple devices, thus bringing in location and device independence. 3. Utilization: The elastic nature of cloud computing allows users to rapidly provision and release resources based on business demands. This elasticity improves the utilization of the resources and increases the efficiency of the IT systems. 4. Cost: Cloud improves resource utilization and as a result the users pay only for what they use. This subscription based model combined with resourcing pooling let businesses share the costs thereby bringing down the overall costs in managing and maintaining cloud systems. 5. Performance: The measurability aspect of cloud brings in transparency and allows the users to constantly monitor and report the usage of the computing resources. This helps the users as well as the service providers to track the performance of cloud-based services. In addition, since the resources are shared with multiple users, maintenance of these systems becomes easy. Challenges in cloud adoption Although there are several benefits in moving to the cloud, introduction of cloud services in an organization possesses certain challenges. 1. Scope and Understanding of Cloud: Cloud could mean different things to different people and their motivation to adopt cloud could vary. The perception of cloud can be a way to a. Reduce cost as a result of poor business performance or an external crisis b. Change the current business model c. Address performance gaps in the IT system d. Embrace a new business opportunity/technology Thus depending on the understanding and motivation of the stakeholders the level of commitment to embrace cloud will differ. 17 2. Misalignment and Conflict of Goals a. Interest mismatch: The real benefits of cloud can be achieved when there is centralization of the IT function across the enterprise. However in an organization each business perceives itself as unique with distinct IT requirements and may not want to adopt the cloud. b. Not invented here syndrome: In the case of public cloud, the cloud infrastructure is hosted and managed by the service provider. This introduces a bias in the minds of the people in the IT function, as they do not want to use the services developed by a third party. c. Shiny ball efect: Some stakeholders within the organization would want to adopt the cloud, as they perceive it as the next shiny ball in the technology space. They believe it to be a solution for their current technology challenges without much due diligence in analyzing the costs and benefits of adopting it, at times even ignoring the real problem. 3. Quantifying and Balancing Benefits and Costs: One of the essential characteristics of cloud is that it provides measured services where the performance of the cloud can be easily tracked. Based on recent research, cloud maturity models have been developed to define the cloud readiness of an organization'. It can be observed that, by centralizing the IT services, improving competence in vendor management and cloud operations, and introducing IT governance structures an organization can realize higher benefits through cloud. These archetypes however get developed over a long run and sustaining the commitment and motivation levels of the employees during this period could be a challenge. 4. "Worse-before-better" Trap: When an organization takes the initiative of moving to cloud, it needs to dedicate some of it existing resources- time, people and finances to building the cloud environment. This could create a decrease in the productivity and efficiency of the existing work, as the resources need to be shared between the current and new project (i.e. cloud). In addition, it takes time for employees to learn the new practices and processes related to cloud and could take a while before the organization realizes the actual benefits of cloud. 5. Issues Related to Standardization: The broad network access characteristic of cloud allows users to access computing resources from anywhere using heterogeneous platforms like mobile, tablets, workstations and laptops. To facilitate such a seamless accessibility, there needs to be standardization of applications, programming language, and storage across the platforms. 6. Issues Related to Governance and Security a. IT Governance: A cloud model brings in interactions between multiple parties and in certain cases, as a precursor to cloud adoption, an organization can introduce IT shared services model. These situations mandate that a governance mechanism be put in place to clearly specify and communicate where the key decision making related to IT happens. In absence of such mechanisms, there could be ambiguity in decision rights resulting to lower performance of the cloud system and the organization. b. Datasecurity: Another issue with cloud is ensuring the security of the information hosted in a third party's network. This is especially relevant in a public/hybrid cloud scenario where the cloud infrastructure is hosted and maintained in the service provider's premises. Even in a private cloud, an organization can enforce rules that limit the visibility of data and information to ensure security. 1 Assess your Cloud Maturity, Vanessa Alvarez, James Staten and Jessica McKee, May 2012 18 7. Issues related to inter-organizational dependence: In the case of public and hybrid cloud, the dependence on third parties for cloud-based services can result in loss of control rights for employees of the organization. In addition, the service provider exposes the enterprise adopting public based cloud, to the risk of non-compliance of standards of performance. 8. Issues related to intra-organizational dependence: The change in IT governance mechanisms can bring in change of decision and control rights among the stakeholders within the organization. This increases chances of conflict between the stakeholders, pushbacks and attempts to work around the new governance structure. Thus having a strong leadership support with clear direction will help in the transition process. 9. Skill development: With the introduction of cloud, an organization needs to invest in two types of skill development. One is the competence in contract management, as the public and hybrid cloud deployment models involve interaction with third party cloud providers. The members within the organization need to be skilled to handle any exigency involving the cloud service provider. Another set of training is needed to facilitate employees within the organization to acclimate themselves with the new business processes and governance structures. 10. Budget and Financial Constraints: The last but the most important challenge is to determine where the financing for the cloud introduction program comes from. The organization needs to have a strong business case to support the adoption of cloud and also forecast the benefits achieved by deploying cloud-based services in the organization. Thus from this chapter, it can be observed that although the cloud brings in several operational and financial efficacies, it poses certain challenges at an organizational as well as individual employee's level. Keeping this in mind, organizations need to take steps that enable them to overcome the roadblocks and ensure the organization is able to reap the benefits of cloud. The next chapter uses an example of a large financial institution, and tries to understand their motivations to embrace hybrid cloud technology, the organizational changes that were implemented to support the cloud transition, the resistances the organization faced and the steps taken to overcome them. 19 4. CASE OF A LARGE FINANCIAL INSTITUTION MOVING TO HYBRID CLOUD In the previous chapters a brief overview of cloud computing and also existing literature on stakeholder, resource dependency, principal agent, outsourcing, IT Governance and organizational change theories were examined. In this chapter, the case of a large financial institution that adopted cloud based IT services, will be analyzed using the theories described previously. The financial institution implemented a hybrid cloud program in 2009 and it was primarily triggered by the crisis that hit the financial market in 2008. The business objectives of this move were to reduce cost, improve IT security and improve processing capacity to meet the demands of the changed environment. The decision to move to the cloud entailed transformations both in the business and the IT function, however changes in the IT service model and IT governance structure, which began in 2001 enabled a smooth transition to the cloud. When an organization decides to move to the cloud, the two common deployment models available are public and private cloud. In a private cloud, the internal IT organization is responsible for providing the cloud services. This entails changes in the role of the IT function within the organization - shift from IT operations to cloud operations, change in the data center management, software development and maintenance. This chapter aims to identify the factors that trigger the IT transformation process, the ramifications of the change on the organizational structure, governance model and roles of individual employees and the challenges the organization faces in the transition phase. For the purpose of this analysis, the dynamics between the IT function and the businesses within the financial institution have been examined and the changes that happened within these functions over a course of 15 years have been traced. About the organization The large financial institution provides financial services to other institutions in the same industry. It is one of the leading users and developers of information technology and places a huge emphasis on technology. The organization created products and services that were heavily IT dependent for its clients and to support this huge reliance on technology, invested a substantial portion of its operating expenses on IT and the people who supported the function (Weill & Woodham, 2002). Traditionally, the IT function at the financial institution was highly decentralized. A small group ran the data center and the network, and a central development organization supported the transaction processing system for some of the businesses. In addition, each business had its own independent IT organization, which catered to its technology requirements. Additionally, a central IT Steering Committee comprising of CIOs of different businesses was responsible for the enterprise wide use of IT (Weill & Woodham, 2002). Figure 3 indicates the structure of the IT function that existed within the organization. 20 Figure 3: Structure of IT organization 2001 Dot-com bubble In 2001, against the backdrop of the Dot-com crisis that hit the IT industry, the CIO of the organization in consultation with the CEO and other executives, started an IT centralization program to integrate the different businesses and consolidate the disparate IT units within the organization. The main motive behind this program was to improve the IT efficiency and also ensure that the different businesses within the organization worked in a concerted fashion to deliver a seamless service for the clients. The new business direction required the various IT functions within the organization to work in unison and thereby maximize the returns from the investments made in technology. A shared IT infrastructure was believed to reduce redundancy, cut costs and decrease time to market. The program began with the evaluation of the existing processes within the IT function and an initial review showed that the mechanisms had to change and a new IT governance structure, culture and IT organization structure had to be established (Weill & Woodham, 2002). In Figure 4, the IT Governance arrangement matrix of Peter Weill and Jeanne W.Ross has been used to trace where some of the key decision making related to IT happened within the large financial institution. Weill and Ross look at five types of decision-making - IT Principles, IT Architecture, IT Infrastructure, Business Application Needs and IT Investment and six possible arrangements within the organization to make these decisions - Business Monarchy, IT Monarchy, Federal, Duopoly Feudal and Anarchy (Weill & Ross, 2004). Each of the decision types is further analyzed from the perspective of who provides the inputs and who make the final decision. From Figure 3, it can be noted that the structure of the IT organization at the large financial institution was highly distributed with very little collaboration among the different IT teams. The businesses had complete control over their IT requirements, budget and defining their IT priorities. Although the IT Steering Committee was involved in defining the IT objectives and infrastructure, the businesses could override their decisions. Similar situation existed in the case of deciding the architecture and platform to support the various IT applications within the organization (Weill & Woodham, 2002). 21 IT Architecture IT Infrastructure I I n n I n p u t IT Principles p Decision u t p Decision u t nrasrucre Business Application Needs IT Investment jIvsmn Decision I n p u t Decision I n p u t X X X X Decision Business Monarchy IT Monarchy Federal X X X Duopoly Feudal X X X Anarchy Figure 4: IT Governance Arrangement Matrix at the large financial institution (Before 2001) (Weill & Ross, 2004) New IT GovernanceMechanisms To support the IT centralization program, the IT function was completely reorganized. It went from being a decentralized system to a federated organization where the whole enterprise was supported by a common IT department. The leadership, processes, structure and culture went through a complete change with new entities being formed to focus on IT objectives of the businesses. To balance the enterprise wide and business specific IT requirements, vertical and horizontal services were created (Weill & Woodham, 2002). For instance, services such as infrastructure and data management were grouped together horizontally and controlled at an enterprise wide level and they delivered the necessary services through an IT shared services model. IT needs that were business specific were delivered as vertical services. Thus this initiative changed the way the business and the IT organization interacted traditionally with each other. The roles of the IT function with the organization could be broadly demarcated into providing IT infrastructure support for the businesses, managing architecture standards, developing and maintaining applications and deciding the IT investments for the enterprise. All these functions were impacted as the financial institution tried to institutionalize a shared services model. Figure 5 denotes the new structure of the IT function at the financial institution. With the formation of the Shared Services model, it can be seen that the IT function came to being part of the corporate function with IT Business Partners who served as a liaison between the corporate IT function and the individual business units. 22 coo Audit &Risk, Information fT Business Partner Office of Architecture Development Organiza t ion Security Figure 5: IT Shared Services at the large financial institution Figure 6 denotes the revised governance arrangement within the IT function. Comparing the governance structure before 2001 and after 2001, it can be seen that the organization moved from a business unit level to corporate level structure for IT related decision-making. Although the business held on to the power of making the final decision, the IT leaders and executives at the corporate level were involved in the input seeking and execution phases. However, in the years that followed the institution of the centralized IT organization, there were instances when the business deviated from the governance structure and initiated IT projects that were outside the ambit of the IT function IT IT Principles Architecture I I n n p IT Infrastructure h p Decision u t Business Monarchy IT Monarchy u t c'Needs I n Decision p u Decision t Business IT Application Investment I n p u Decision t X X I X Decision t X X I n p u X Federal Duopoly X X Feudal Anarchy Figure 6: New IT Governance Arrangement Matrix at the large financial institution (After 2001) (Weill & Ross, 2004) 23 Going to the cloud In 2008, the financial crisis impacted all firms in the finance industry and the large financial institution was no exception. Under severe pressure to reduce cost and improve its services to the clients, the management looked at options that could create additional business value. As technology was one of the key drivers of revenue as well as cost reduction, attempts were made to improve the IT services. One of the trends that existed in the technology market at that specific point in time was moving to cloud based services and the large financial institution initiated a comprehensive cloud adoption program. The goals set for cloud program were: - " - Reduced time to market of new information services Faster information processing and risk assessment Enhanced security through automation of transactions Faster provisioning of capacity Cost reduction including more efficient, lower-cost software development As part of the cloud program, the financial institution had to initially choose the preferred deployment model: 1. Private: In this scenario, the financial institution manages the cloud platform and the internal IT function is responsible for the cloud operations. The upside to this option was to have direct control over the IT system and being in a highly regulated industry, the financial institution could ensure compliance and security of the data hosted in the cloud. The disadvantage with this option was however to invest initially in building the skills and competence needed to manage cloud operations, introducing a delay in the whole process. 2. Public: In the case of public cloud, the organization could leverage the expertise and skills of a third party vendor to manage its cloud operations and also provision cloud-based services faster than the private cloud. The organization however had to invest time and effort in choosing the right vendor and also negotiating the terms and conditions of the contract with the cloud service provider. When drafting the contract special attention had to be given to ensure data security and compliance with the standards in the financial industry by the service provider. Also appropriate clauses for under/non performance of the accepted terms had to be incorporated in the contract. 3. Hybrid: The third choice hybrid is a combination of private and public cloud. In this option, the organization can benefit from the advantages unique to public and private cloud deployment. For instance, for IT services that have sensitive data and where security is a cause of concern, private cloud services can be used and for other services and applications public cloud can be opted. Also public cloud can be used to supplement the capacity provided by private cloud, especially when there is a sudden surge in customer requests. After careful consideration of the various options available, the management at the financial institution devised a roadmap for the cloud adoption. They used a threefold approach as part of the cloud adoption program. (1) Determining the cloud deployment model and the type of services offered through cloud (2) Application rationalization, refactoring and outsourcing of application maintenance and (3) Removal of desktops and using thin clients. The cloud deployment began with the planning stage that spanned about 18 months. This time period was used to test the readiness, security and performance of the IT infrastructure to support the cloud. This phase enabled the organization to evaluate technologies, assess risk and discard technologies that didn't meet the acceptance criteria. Being in a highly regulated industry, the organization finally conducted an external review to ensure compliance with the industry standards under the new IT infrastructure. 24 Since IT formed a critical aspect of the financial institution's business the management desired a cloud solution that enabled them to retain much of the control over the IT system. By deploying an in-house cloud, the internal IT team was responsible for the cloud deployment and the operations and maintenance of the cloud infrastructure thereafter. However in a few cases, depending on the needs of the business, individual business units made use of cloud services from external vendors to meet their requirements. Such business specific IT requirements were treated as an exception and were financed by the business unit. Thus the cloud adoption strategy of the financial institution encompassed public and private cloud so that the firm could leverage on the advantages provided by both the models. Another aspect that was considered as the organization moved to the cloud is the kind of services that will be delivered through the cloud - Software as a Service, Platform as a Service, and Infrastructure as a Service. It can be observed that the organization under study provided IT solutions to other financial institutions and the end users of these IT solutions were in fact customers of the other financial institutions. Thus the model here was analogous to providing Software as a Service and most of the services that were offered through the cloud belonged to this category. The organization's legacy IT system comprised of 800 applications. Under the cloud adoption program, the maintenance of these applications and the management of the data center were outsourced to third party vendors. The internal IT team retained the development of software and new applications. This arrangement of outsourcing the maintenance work freed up the internal IT resources and let them focus on cloud migration and developing new applications that were compatible with the cloud infrastructure. Additionally, the cost savings that were achieved through the outsourcing model was used to fund the cloud program. Thus the cloud adoption could be implemented without any significant investment. Also the organization tried to rationalize the number of applications that existed in the organization - it began with decommissioning obsolete applications, consolidating redundant ones and refactoring certain applications. Thus the financial institution created an optimal portfolio of applications that could be hosted in the cloud. As of 2012, a quarter of these applications have already been moved to the cloud whole the rest are being tested for cloud deployment. The IT organization at the financial institution went through several changes leading up to the cloud migration. It began with the creation of the IT shared service model followed by a shift towards virtualization where data was managed remotely, OS was provided to the desktop users through thin clients and users could provision resources automatically based on their requirement. Also the development and production environments were standardized and Java was being used as the primary language. A gold copy of all business applications was maintained and new business requirements were added to the repository periodically. Thus the emphasis over the period between 2001-2008 was on reusability of IT resources and applications and creating efficiencies in the IT system that translated directly to business value. Organizational changes in hybrid cloud deployment The deployment of cloud had an impact on the following entities: - Enterprise IT - Business unit IT - Business unit operations - Business unit management 25 EnterpriseIT: The central IT organization was responsible for the cloud services. This brought in several changes in the role of employees within the central IT team. Some of the traditional functions like data center management and maintenance of existing applications were outsourced to third party vendors. The enterprise IT team was now solely responsible for software development. However with the change in the technology, the IT organization had to adapt to the new environment. This implied changes in IT infrastructure, security and applications development. In addition they were also now responsible for cloud operations rather than IT operations - (i.e.) ensuring the IT resources were delivered on demand and at scale in a multi-tenant environment. With the dependence on third parties for data center management and maintenance, the enterprise IT now needed the competence to deal with vendor management. Also cloud brings in changes in the business operations and as a result the IT organization now needed a better understanding of the business. Business unit IT: The deployment of cloud services mandated closer interactions between the business and the IT organization. In this regard, the IT business partner played the crucial role of being an intermediary between the two parties. The IT business partners helped the enterprise IT team understand the business processes, get deeper knowledge of the businesses and recognize the role IT played in each of the businesses. At the same time the IT business partners also helped the business unit clearly communicate their requirements to the central IT team and facilitated a smooth transition to the cloud. Business unit operations: The cloud brought in a multi-tenant environment where businesses shared a single instance of software or application, implying changes in the existing business processes. For instance, businesses in the large financial institution had to standardize their development environments and use Java as their primary language. Businesses also had to get accustomed to the notion of virtualization and using applications and software through thin clients. This move to replace desktops with thin clients demands adjustment from the individuals who make use of the computer systems. Using the theory of endowment effect bias, it can be seen that when individuals are required to make alterations to behavior that they are habituated to, it is usually met with resistance, especially when the benefits achieved from the adjustment doesn't far exceed the behavioral changes demanded. For instance, from the perspective of a computer user, the benefits of using software and applications through a thin client vis-a vis an actual desktop are not clearly evident. To elaborate, some of the advantages like improved IT efficiency and utilization of capacity are clearly not visible to the end-users. As a result, when the end users are asked to use instances of applications and software from a common server instead of their desktops, they do not perceive the change as beneficial to them. And as the theory suggests, when the status quo is being challenged, humans place a higher weightage on losses than on the gains. Thus even small changes, which the organization believes can be done easily, will be met with resistance and can take a long period of time to get the acceptance and buy-in from the end-users. This opposition can however be overcome through strong leadership support as well as institution of process owners who serve as evangelists of the change program. Business unit management: Certain proponents of cloud computing believe that cloud is an operations model and not a new technology. The implication of the change in operations model to businesses is change in existing business process, organizational structure and culture. Cloud brings in an element of centralization and sharing of resources - IT capacity, people. As a result, businesses that originally had complete control over their IT management now need to get adjusted to the collaborative environment. This change brings in issues related to control rights, security, intra organizational dependence and governance rules. 26 Analysis using Information Systems and Organizational theories In this section, existing theories in information systems research like stakeholder theory, resource dependency theory and principal agent theory have been used to analyze the dynamics between the IT function and the business due to the incorporation of cloud based services in the large financial institution. Resource Dependency theory The resource dependence theory uses two factors - power and interdependence to explain the dynamics between the two parties involved in a mutually dependent transaction (Casciaro & Piskorski, 2004). When an organization is dependent on others for resources, it creates imbalance in power and interdependency between the parties involved. This power imbalance and interdependency coupled with uncertainty, creates tension and the two parties take action that reduces the risk they maybe subject to owing to the reliance on the other. Considering the IT shared services model that was formed at the financial institution in 2001, it can be seen that the different businesses which originally had autonomy over their IT resources and services, were now dependent on the central IT team. With the new system that was institutionalized, businesses that traditionally had direct control over the IT budget had to go through the central IT Steering Committee team for their IT investments. In addition, the IT infrastructure and IT architecture were shared at an enterprise level and businesses were encouraged to collaborate and leverage on each other's resources rather than creating redundant ones (Davis & Cobb, 2010; Hillman, Withers, & Collins, 2009; Pfeffer & Salancik, 2003; Ravichandran, Lertwongsatien, & LERTWONGSATIEN, 2005; Weill & Woodham, 2002). With strong executive support at a corporate level, collaboration among businesses and between the business and the IT organization was mandated to leverage the specialized skills and expertise in each business unit. This created the element of interdependence, as businesses were reliant on the expertise of IT organization to identify and provide IT services that met their requirements. Likewise the IT organization was dependent on the businesses to get the right requirements. As the investments were being tracked and the performance of the new technology was measured, it was important for the IT team to elicit the right support from the business. This mutual dependence on each other ensured the two entities collaborated with each other. Taking a critical look at the situation where a central IT team controlled all the IT resources, the businesses would have ceded a majority of their control and key decision-making abilities. In the large financial institution, where IT had a direct impact on the customers and created immense value for the business, this would imply a huge shift in power from the business to the IT organization. Keeping this in mind, it is interesting to note the composition of the Steering Committee (SC) and the escalation mechanisms that were created at the financial institution. The SC primarily consisted of enterprise executives like CIO, CAO, COO and senior members leading key business units. This implies that although a federated organization was created to manage the IT resources, the key decisions like formulating the IT strategy, IT investments were held by the business leaders. Likewise, in defining the standards for IT architecture, although the central architecture team was responsible for managing the architecture and infrastructure standards across businesses, any off standard decisions were arbitrated at the CIO, COO and business leader level. Analyzing the above situation from the resource dependency lens, it can be noted that the business leaders were reluctant to give up their autonomy and be dependent on the IT function to meet their requirements. To overcome the power imbalance, the decision-making power was retained by the business and the central IT organization was responsible only for optimal utilization of IT resources, removing redundancy and improving the efficiency of IT operations. In a cloud environment where multi-tenancy is common, there is increased dependency between the different businesses. As a result, new standards and processes have to be incorporated to reflect the 27 centralized and agile culture. The large financial institution used a hybrid model where in addition to an internal private cloud, some of the businesses made use of cloud services from third parties to meet their specific requirements. In a hybrid cloud deployment model, the engagement with a cloud service provider increases the dependency and organizations tend to alter their structures, processes and behaviors and try to get into mutually beneficial coalition relationships. The public cloud aspect brings in additional layers of dependence, and organization accounts for these dependence risks by incorporating strict quality and performance controls in the contracts. Many organizations mitigate their overdependence on a single IT service provider by having contracts with more than one supplier. Stakeholder theory The stakeholder theory postulates three factors - power, legitimacy and urgency that define the salience of the claims made by the stakeholders (Mitchell et al., 1997). In the context of the large financial institution, the stakeholder theory can be used to understand the dynamics between the IT organization and the businesses. Before the introduction of IT shared services, business leaders had the absolute power to decide the IT budget and execute projects at their will. Thus it was a decentralized model with each business unit having its own IT function and poor co-ordination between them. As a result, when a new technology was being deployed no efforts were being taken to check the compatibility and the business implications of having multiple IT environments. After the new federated IT model was rolled out, there was a perceived change in the power, legitimacy and urgency aspects of the stakeholders' claims. For instance in the new IT governance model, individual businesses were dependent on the SC for budget approval and deciding the IT objectives for the year. The businesses could no longer define the technology standards and the network and security support. The IT infrastructure and architecture were controlled at the enterprise level to ensure uniformity and consistency. Thus for any IT requirement, the business had to substantiate the legitimacy and urgency aspects before it was approved by the shared services. Among the three factors mentioned, power was crucial to implement any strategy. Taking a closer look at the governance model, it can be seen that power rested predominantly with the enterprise level and business level executives. Thus, although the IT organization possessed the legitimacy and urgency factors, the business leaders could override them owing to the power vested in them. The introduction of cloud-based services in 2008 however changed the dynamics, as the focus shifted more towards an enterprise level decision-making model. The cloud necessitated increased collaboration between the businesses and IT and there was limited opportunity for the business to override and work around the central IT team. As the cloud operations were handled by the central IT team, they could use their expertise to verify the legitimacy and urgency of the claims made by the business as well as the third party and could offer their suggestions. Outsourcing theory: In a hybrid cloud model, an organization uses a combination of private, public or community cloud deployment model. The large financial institution used a mix of private and public cloud. In the case of public cloud, an organization has access to new technology and experts immediately, giving them more time to focus on their core business processes. In addition since the organization need not develop the new IT capabilities from scratch, they can operationalize the IT projects faster. In addition to gaining competitive advantage over the peers, an outsourcing model helps an organization catch up to the industry trends faster. For example, if an organization's competitors have already adopted the cloud and reaping 28 high benefits from it, the speed in deployment of a public cloud will help the organization adopt the new system faster and obtain greater benefits. When an organization opts for a public cloud it however faces certain issues because of outsourcing certain IT services. The business and the IT organization do not have adequate skills in contract negotiations and as a result they have difficulty in managing contracts. Also in terms of selecting the right vendor for the cloud services, the business and the IT function do not have much expertise in identifying and managing the vendors. The problem manifests when there is a need to manage different suppliers for different IT needs - like data center management, cloud services. Thus one of the key requirements is for the two stakeholders involved in cloud adoption process - business and IT function, to develop skills related to vendor management and contract negotiation. This will help them resolve any conflict that arises between the vendor and the enterprise over the course of the contract. It also helps in handling issues that could crop up due to non-performance or under-performance of the terms agreed upon by the vendor. One of the challenges that organizations moving to cloud face is establishing and maintaining data standards across the different systems served through cloud. Data Standardization is an issue being faced by many organizations in the industry, as no set benchmarks exist in the current scenario that could be replicated across the organizations 2 . Transaction costs: Considering the transaction costs that are incurred in the outsourcing model, it is evident that the organization opting for some form of public cloud needs to budget for the following costs (Rindfleisch & Heide, 1997). i. Search and information costs - This is the cost incurred by the organization in choosing an appropriate vendor for its cloud services ii. Bargaining costs - This is the cost involved in drafting the contracts and agreeing on the terms and conditions between the cloud service provider and the organization iii. Policing and enforcing - This is the cost involved to ensure the other party abides by the terms in the contract and in case of any non-compliance the cost associated with the legal recourse and the damages claimed. Principal Agent theory Using the principal agent theory, it can be seen that the transaction costs discussed previously are primarily due to five factors (Eisenhardt, 1989; Jensen & Meckling, 1976): 1. Outcome uncertainty: The benefits of adopting the cloud are not immediately observable and the principal accounts for this uncertainty when considering the policing and enforcing costs. 2. Risk aversion by both principaland agent: Since the principal is dependent on a third party for its IT services, they are concerned about confidentiality and security of the data hosted on the cloud. The agent at the same time doesn't want to get into legal issues and as a result both parties incur costs related to policing and enforcing. 3. 2 Extent of predicting the behavior of the agent in advance: This factor goes a long way in choosing the vendor and hence the principal exercises sufficient due diligence to ensure it enters into contract with the right vendor. Some of the parameters evaluated to ensure quality service Cloud computing: Risks, Benefits and Mission Enhancement for the Intelligence Community, INSA, March 2012 29 are: reliability of the cloud infrastructure, 100% uptime to guarantee business continuity, accountability in case of service breakdown and high response rate for recovery. Thus the principal incurs search and information costs to ensure the external cloud provider meets the above conditions before making a final decision. 4. Measurabilityofthe outcome: When drafting the contract the principal and the agent negotiate on the terms and decide upon the standards and the benchmarks for the services rendered. This bargaining causes additional costs to the two parties. 5. Length ofthe contract: This again is based on the terms and conditions and the standards agreed upon in the contract; thus causing an increase in bargaining costs. In the large financial institution case, with the introduction of the shared IT services, there was a potential for principal agent problems between the IT organization and the businesses. The businesses being the principal would have been skeptical in sharing all information with the IT organization because in the changed environment it implied a loss of direct control over their IT operations. They would have preferred to not divulge complete information and use the asymmetric condition to retain their autonomy (Dahlman, 1979; Eisenhardt, 1989). To avoid the resulting problems, the IT Governance model was institutionalized with clearly spelt out roles among the stakeholders and identifying the decision makers within the system. Also processes, structures and standards were set to ensure compliance. One of the other changes that the large financial institution did as part of its cloud program was to outsource maintenance of existing application and data center management to external parties. The outsourcing situation also has the potential to create principal agent problem related to security, performance and data integrity between the enterprise IT and the third party vendor. In order to ensure compliance with the performance standards and reduce risks, Service Level Agreements were formed. These agreements clearly mentioned the service quality expected and the consequences in the event of any non-compliance. Organizational change issues - Effect of endowment and status quo bias As seen before, in the case of public cloud, some of the functions that were originally performed by the IT organization will be moved to the external cloud provider. Existing research in behavioral economics shows that letting go of something that an individual already possesses feels like a loss even if there is no rationale for an attachment(Kahneman et al., 1991). In the public cloud adoption, the IT function partakes with some of its power and control rights to the cloud service provider. In addition some of the roles and responsibilities within the IT organization will no longer be relevant as they have been outsourced to the external party. The latter change has a greater impact as it challenges the status quo within the IT organization. In addition, cloud adoption is generally characterized as a change in the operational model of the business. This implies changes in the current business processes, organizational structure and culture, and governance model. Plus, such changes in the strategic direction of the organization are usually taken at an enterprise and business leadership level, causing pushbacks from employees who are directly impacted by the transformation. Thus it is evident that the shift to cloud environment, impacts multiple stakeholders within the organization and based on their power, their positioning within the organization and their amenability to adopt the new IT environment, the transition to the cloud can yield different results. Enablers of the cloud adoption program at the large financial institution Tracing the changes that occurred in the organization, it is interesting to note that the two main changes that happened in the IT function were driven by factors in the external environment. For instance, the move to the IT Shared Services in 2001 was primarily triggered by the Dot com crisis which enforced consolidation of the resources and services in the IT function. The IT Governance Arrangement that was 30 instituted gave a clear idea of where the key decisions related to IT were being made. This governance arrangement along with the shared services concept and other structures that were instituted in 2001, helped in the transition process to cloud in 2008, which was driven by the crisis that hit the financial markets. Although the governance structure and the shared services model were instituted in 2001, the new processes started being followed only in 2008 when the cloud program was formally introduced. In the timeframe between 2001 and 2008, the leaders and executives within the large financial institution championed a lot of these processes and rendered their support in ensuring a smooth transition to the cloud. The IT function that rose to prominence in this transformation process was the Office of Architecture team, because with the introduction of cloud operations, data and process standardization became pivotal. From the above discussion it can be seen that the large financial institution by adopting a hybrid cloud model was able to leverage the benefits of private as well public cloud. For instance, by using the public cloud for unique requirements of certain businesses, the company had a shorter lead-time to realize the benefits of cloud. An organization can also use third party cloud services to address spikes in the workload during certain periods of the business cycle. It can be observed that the large financial institution performed several changes as part of the cloud adoption program - outsourcing the maintenance of application and data center management, refactoring of applications and virtualizing desktops. It is interesting to note that cloud does not require all of these shifts to happen. However an organization that performs some or all of these changes realize additional benefits from its cloud deployment. Our analysis based on the theories gave us a comprehensive picture of the challenges an organization moving to the cloud would face. In the large financial institution case, bulk of the work was transactional in nature, and hence centralization and outsourcing of certain services created better efficiencies. As the advantages far outweighed the adjustments that the employees had to make to adapt to the new system, there was no strong resistance or objection to the changes made in the IT organization. The next chapter illustrates a systems model using the factors just discussed, to demonstrate the cloud adoption phenomenon. 31 5. SYSTEMS MODEL OF CLOUD ADOPTION Introduction to System Dynamics In this chapter, the concept of system dynamics has been used to model the cloud adoption process and interaction between the different stakeholders involved in the IT transformation process. A system dynamics model consists of stock and flow variables and causal loops that define the interaction between the variables. Stocks are accumulations represented using rectangle and they characterize the state of the system (Sterman, 2000). Flow variables control the inflow and outflow rate into and outside the stock respectively. They are represented using the valves/flow regulators in the model. The clouds represent the source and sink and they are used to depict stocks outside the model boundary (Figure 7). StcCk Vari-able 71 Figure 7: Components of Systems Model Causal loops link variables and indicate the relationship between them. If two variables are connected by a positive arrow, it implies if the independent variable increases/decreases, it has the same effect on the dependent variable. On the other hand, a negative link implies opposite effect - that is, if the independent variable increases, the dependent variable decreases and vice versa. The models also have loop identifiers - reinforcing and balancing loops (Figure 8). A reinforcing loop indicates a loop where an increase/decrease in a specific variable triggers a sequence of events that eventually results in an additional increase/decrease in the original variable, thereby creating a reinforcing effect. A balancing loop on the other hand, denotes a loop that has an opposite effect - an increase in a specific variable eventually results in a decrease in the variable; and if the variable originally decreases, it results in an overall increase in the variable(Sterman, 2000). .- R Var.ablc B Var.'able D) 0 eA Reinforcing Loop "o / Figure 8: Reinforcing and Balancing Loops 32 Systems Model of Cloud Adoption To understand the adoption of cloud computing in organizations, causal diagrams that depict the interactions between the different elements influencing cloud adoption have been developed. These are conceptual models developed to demonstrate the relationship between the various factors affecting cloud adoption. Towards the end of the chapter, a simplified model of adoption has been developed to simulate and identify the key levers in the adoption process and the steps an organization can take to make the transition a smooth process. Introduction of IT Shared Services As evidenced earlier, it can be noted that cloud brings in an element of centralization and sharing of resources across the different entities in an organization. Having an enterprise wide IT function that coordinates and handles the technology requirements of all businesses and that facilitates collaboration and sharing of IT resources helps in the deployment of cloud services. In addition to cost savings that occur because of the decrease in redundant IT services, the centralization efforts help in having a common technology platform across the different departments and enable different organizational entities to leverage each other's IT expertise and skills. The customers of the organizations also benefit, because in a shared service model, the central IT team is aware of the services and products offered by the different businesses and as a result, they can provide solutions and services that create additional value to the clients. Similar results could be observed in the case of the large financial institution where an IT Shared Services model that was created in 2001 helped in the transition to the cloud in 2008. Reinforcing Loop R1: Redundancy Reduction In the system dynamics model (Figure 9), it can be observed that IT Shared Services increase Centralization, which in turn decreases the Redundancy in IT Operations. As the redundancy in the IT systems decline, the Efficiency of the IT Shared Services improve, creating a positive reinforcing effect on the efficiency of IT systems and helping in wider acceptance of the shared services concept. This acceptance is captured in the flow variable Shared Services Adoption Rate which, in turn increases the stock IT Shared Services. However over a period of time, some of the IT Shared Services can return to being a distributed IT system and this outflow is captured using the variable Shared Services Erosion Rate. 33 Adopion Rate Efticyev ofT Shared Services R Cenitralization Redundancy Reduction! Redundancy in :i Opc-artons Figure 9: Redundancy Reduction BalancingLoop Bl: Endowment Effect Bias The federated IT model however decreases the Autonomy of Business creating a Perception of Loss among the business units which previously had direct control over their IT budget and resources. This feeling of loss could decrease the Efficiency of IT Shared Services, resulting in resistance to accept the new system in the short run and in certain cases even efforts to go back to the older model. Thus the feeling of loss could result in a lower preference for the IT Shared Services model thereby decreasing the Shared Services Adoption Rate (Figure 10). Figure 10: Endowment Effect Bias 34 However one of the factors that could potentially decrease the effect of perception of loss is a strong leadership. A clear sense of direction from the management can help in anchoring the advantages of the new system as well as serve as beacon to navigate the organization through the transformational process. Introduction of IT Governance Mechanisms Balancing Loop B2: Ownership Risks Figure 11 shows that with the Centralization of the IT resources, there is an increasing need to institute governance mechanisms, from the perspective of executive in the internal IT organization. This is because in a federated environment where multiple entities share the IT resources, there are increased System Interdependencies. A fallout of this increased dependence and disappearance of clear boundaries is the poor clarity on decision rights and ownership. This reduction in Ownership Clarity increases Performance Risks, because a non-performance/under-performance in one part of the organization can perpetuate to other divisions and can cause a negative impact on the overall Efficiency of IT Shared Services. Shared Servicc --Amp, Ef;icicy:c of IT Shared Services 4 : at B2 i (* Citral Lat'1n Owticrsluip R.--s Perfoniance Risks SVstcrn meCrd ependen~ cs Cl.tarc( Owticr-Aip Figure 11: Ownership Risks Reinforcing Loop R2: Ownership Risk Mitigation An IT governance arrangement will help in specifying, analyzing and communicating where the key IT decision making happens within the organization (Peter Weill, Jeanne W. Ross, 2004). This will not only help in establishing ownership and accountability in the stakeholders but also help in defining clear rules and regulations when it comes to decision making and ensuring there is no conflict of interests among the 35 parties involved. In Figure 12, it can be seen that System Interdependencies increase the IT Governance Introduction Rate causing the stock IT Governance Mechanisms and to rise. As governance structures are established, the clarity on ownership and decision rights improves. IT Governance Introduction Time is a static time value over which the IT Governance Mechanisms are instituted within the organization. Shared Seces1C: Shared Services Adop-zion- Ratc N.r, iRac r Effcincc' of IT Shaircd S~~c.~4R2 Centralizat on I Performanec Risk Vear1UXCc :T GOv~ OT uo'.rna.ic Figure 12: Ownership Risk Mitigation Based on the literature review and the large financial institution case it can be observed that the IT Governance structure of an organization reflects who holds the power in defining the IT priorities and developing the IT roadmap for the organization. To a certain extent this is dependent on the level of importance of IT in the organization and to what level it contributes to the growth of the business. In the large financial institution case, it can be seen that IT is pivotal to the success and growth of the business in the organization and as a result senior executives of the business units handled most of the key decision-making and the governance bodies. Outsourcing Cloud adoption involves various degrees of outsourcing. For instance in a public cloud deployment model, the organization makes use of the expertise and skills of an external cloud provider. Examples of such organizations include Netflix whose entire business services are provided through the cloud to organizations that only store their data on the cloud in order to enhance accessibility. Another deployment model is the private cloud. In this case, the cloud system is internal to the organization, but some companies outsource a portion of other responsibilities of the IT organization like data center management and maintenance of applications to third parties. This is done to cut the workload of the employees and provide them the bandwidth to take on work that is more critical to the organization. For instance in the large financial institution, the data center management and maintenance of older applications were outsourced to third parties and the increased availability of the IT employees was used to develop a private cloud. Outsourcing not only means relying on the services of a vendor external to an 36 organization, but also the services of an entity within the same organization. For instance, with the formation of a federated IT model the businesses in the large financial institution were no longer responsible for the IT related decision-making, but were dependent on the centralized IT team. Another model, which is increasingly being used, is the hybrid cloud where certain IT services are hosted in the public cloud while the rest in the cloud system internal to the organization. However in such a scenario, it can be noted that there is a certain level of reliance on a third party for the performance of the IT organization. In the following sections, the interaction between the two parties involved in the outsourcing process and the impact of outsourcing on labor, cost and overall performance of the organization are studied. Reinforcing Loop R3: Cost Savings One of the key motivations of outsourcing is to make use of a cheaper medium to perform the tasks currently being done within the organization. This cost saving creates a budget surplus, which could be used for the improvement of current IT services and investments to facilitate cloud adoption. For instance, at the large financial institution the cost savings that were realized through the outsourcing of data center management and maintenance were used to fund the cloud project. As seen in Figure 13, the stock Outsourcing decreases the cost and this decrease in cost increases Outsourcing Effectiveness further increases The increase in Outsourcing Effectiveness. Outsourcing Rate, thereby creating a reinforcing effect. ReinforcingLoop R4: Access to Experts At the outset, cloud provides easy access to experts and to new technology in the market (Myun J Cheon, Varun Grover and James T C Teng). Thus in the case of cloud, an organization need not go through the process of developing skills and competence desired to move to cloud based services. As seen in Figure 13, the stock outsourcing increases the Access to Experts, which improves outsourcing Effectiveness and creates a reinforcing effect on the Outsourcing Rate. BalancingLoop B3: ControlRights Issues The dependence on a third party for cloud and other IT services transfers some of the work, which was previously done internally to the external vendor. Thus an internal stakeholder who had complete control over the tasks done now relies on third party cloud provider. Thus with the increase in out sourcing, a Loss in Direct Control is observed in Figure 13. This creates a perception of loss in the mindset of the employees and could cause changes in the attitude and behavior that reflects resistance. This perception of loss creates a negative impact on Outsourcing decreasing the outsourcing Rate generating a balancing effect. 37 Effectiveness thereby KJ ~R-4 - /5 / / Ak >xe B\ cs -- tto.Rgt s L.C S i [ Figure 13: Impact of Outsourcing on Control Rights, Cost and Access to Experts Labor dynamics ReinforcingLoop R5: Labor Availability Outsourcing, frees up bandwidth for certain employees and the organization can leverage on this increased labor availability and use their skills for projects and tasks that are more critical to the organization. The allocation of new work can create a positive impact in the mindset of the employees thereby boosting employee morale and improving the efficiency of the IT organization. In the systems model in Figure 14, it can be observed that as Outsourcing increases, the Labor Utilization Projects. This move boosts decreases, increasing the Labor Allocation to Critical Effectiveness, which Outsourcing impact on has a positive Employee Morale, which creates a reinforcing effect on Outsourcing Rate. BalancingLoop B4: Layoff' On the other hand, the increased labor availability that resulted from outsourcing can bring down the labor utilization. The organization, to reduce its costs can resort to downsizing efforts, which in turn creates a negative impression among the employees. In the systems model in Figure 14, it can be seen that as Labor Utilization increases, the Downsizing Efforts increase, which in turn decreases the Employee Morale. This decline in Employee Morale has an opposite effect on Outsourcing Effectiveness thereby decreasing the outsourcing Rate. 38 Thus outsourcing can create both positive as well negative influence and the final outcome depends on which of the two dominates. Outsourcinig Rate Effctven ~R55 sLab Labcz -kvai abd: N. or Ut iiat'in tv CtS Lavoff2 :Np c M ,a Figure 14: Labor Dynamics Resulting from Outsourcing Vendor management BalancingLoop B5: Dependency Risk As discussed earlier, outsourcing on one hand, brings in easy access to experts and to new technology/software in the market (in this case cloud services). But at the same time, it necessitates development of vendor management skills in the organization; because with the dependence on a third party for managing cloud, the organization is at a higher risk of issues related to under/non-performance of the external vendor. In Figure 15, it can be seen that as Outsourcing increases, the Dependence on Contractors increase, exposing the organization to Dependency Risks. As the Dependency Risks increase, it decreases the Outsourcing Effectiveness, resulting in a decrease in Outsourcing Rate. ReinjorcingLoop R6: Skill Development To balance the exposure to risks, organizations need to develop their competence in managing vendors sourcing proposals, evaluating them and choosing the one that matches the requirements. Once the selection is done, the organization needs to draft a contract that clearly spells out the terms and conditions, the performance expectations and the liabilities in case of non-compliance with the agreed upon terms. These measures will help an organization in mitigating the impact of non-performance by the vendor. In the systems model in Figure 15, it can be seen that as the Dependence on Contractors increase, the Training Rate, which is the degree to which organizations introduce training and development opportunities increases. This building of skills and competence occurs over a period of time 39 called the Training Time. The end result of these training efforts is the increase in Knowledge of Vendor Management among the employees. Equipped with the skills needed to handle third parties, the organizations will be able to mitigate the Dependency Risks. However the caveat here is that, these measures will help in case of risks that could have been controlled by the vendor. But in cases where breakdown is due to extremities in the weather, the vendor cannot be held directly responsible. In such cases, organizations spread their risks by using services from multiple vendors. This way even if the services provided by a single vendor breaks down, the others can ensure service continuity and reduce the risks to the organization. Outsourcing Rae ()J rociflg Rnr.' Out'sourcing 51Dcwnde:cc ~Cntracterm % \1 'XkmC;10.% RjkM/ Depndc'yc Rik.. 7 c1n 4 Knowlcdc ; n Tr.aig Rate Vecn dor Manacenncrt Rl~K Skl DskcvkPmen Figure 15: Dependency Risks from Outsourcing Reinforcing Loop R 7: On the Job Learning As cloud based services are introduced in the organization, training opportunities that support the learning process should be extended. In Figure 16, it can be seen that as Cloud IT Systems increase, the Learning Rate of Cloud increases which results in the accumulation of Knowledge of Cloud. This building of the necessary know-how about cloud happens over a period of time, given by Cloud Learning Time. As the Knowledge of Cloud increases, it improves the Effectiveness of Cloud Systems and Perceived Benefits of Cloud. This increase in Perceived Benefits of Cloud further contributes to the increased Learning Rate of Cloud, thereby creating a reinforcing effect. 40 C:.out c if 17 Knowledpe o 17 Learning Rate of Cloud Cloud Lcarnin T_111Civi~ o On he !ob Learninu / Pcrcvci EdBenefits Figure 16: On the Job Learning Simplified Model and Simulation Results The models illustrated above demonstrate the various factors that influence the adoption of cloud computing and have been developed to explain conceptually the interaction between the different factors. The aim of this study was to analyze and understand the interplay between the various factors that impact cloud adoption, using system dynamics approach. However due to time constraints, all the factors that were discussed previously in the conceptual models could not simulated and studied in a single model. As a result, a simplified version of cloud adoption system dynamics model that includes impact of IT Shared Services, Outsourcing and Knowledge of cloud has been developed. Among the different variables that affect IT Shared Services and Outsourcing, the abstracted model considers only the final outcome of instituting these services, captured by the variables - Efficiency of IT Shared Services and Outsourcing Effectiveness. The abstracted model (Figure 17) has been designed with two stocks and three key variables, to analyze and simulate the cloud adoption behavior. The stock Adoption signifies the percentage of IT systems in the enterprise that have been moved to the cloud and is controlled by the inflow variable Ins tall ing. As more of the IT Systems in the enterprise are moved to the cloud, the Net Perceived Benefit of cloud increases among the employees, resulting in an increase in the Inf luencing effect of cloud based IT services on the management. As rate of cloud-based Management Support increases, it has a reinforcing effect on the Ins talling that supports the cloud the management of the percentage indicates systems. Management Support Management Support and Impact of initiative and varies between 0 and 1. Initial Management Support varies between 0 and Adoption are exogenous variables, where Initial 1 and denotes the percentage of the leadership team that supports cloud deployment initially. Impact of Adoption is another exogenous variable and ranges between -1 and 1. It is an aggregate of the different elements impacting cloud adoption; mathematically it can be given by the following expression 41 Impact of Adoption = Z (Knowledge of Services, Outsourcing Effectiveness) Cloud, Efficiency of IT Shared ClOud Adoptioi Nc: Pecreved Bcnefit mpoLfCr.6Aotg :. :nit:ai Managemem Su;pport Figure 17: A Systems Model of Cloud Adoption As seen previously, Efficiency of IT Shared Services is impacted by redundancy in IT operations, performance risks due to system interdependencies and perception of loss by business as a result of centralizing the IT resources. Likewise Outsourcing Effectiveness is a factor of employee morale, dependency risks, access to experts, cost savings and loss of control rights. Thus depending on whether the positive or the negative effects dominate, the Impact of Adoption takes on a positive, negative or zero value. The two balancing loops in the model indicate that the cloud adoption and the management support are finite quantities; implying as the stocks increase, the rate at which the two stocks increase, decreases. Simulated Results In this section, the rate at which cloud adoption happens is studied based on changes in the impact of adoption and initial management support. As the model is an abstraction of the complete cloud adoption phenomenon, the simulation results are not truly reflective of the timeline and the outcomes of cloud deployment in an organization. To understand the rate at which cloud adoption occurs within an organization, the two exogenous variables are changed over a range of values and the behavior of the model is studied. 42 High impact of adoption and high initialmanagement support When the impact of adoption and the level of initial management support is high, it can be observed that the enterprise is more willing to shift its IT systems to the cloud and the portion of the management that originally wasn't bought into the idea is also convinced of the benefits. Management Support Adoption (:.951 M25 0.5 0.9 (.8 0 0 5 0 5 20 25 30 35 40 45 ( 50 5 20 25 30 Time(Monh) 15 Time (Mo:h) 35 40 45 50 Adopton: H-ightipacighSuppon Graph 1: Behavior of Adoption when impact of adoption high and initial management Graph 2: Behavior of management support when impact of adoption high and initial management support high support high High impact of adoption and low management support From the results, it can be seen that despite a low management support initially, when the impact of cloud adoption is high, the benefits override the skepticism in the minds of employees and the move to cloud based services is accepted. However the time taken to achieve 100% cloud adoption is longer in this case. Management Support Adoption C,75 0,75 1.5/ M. 0 5 I0 .5 20 Adopon . HiPhtnp1ja.tLowSu-ppon 25 30 35 40 45 50 0 Time (Mobh) Graph 3: Behavior of adoption when impact of adoption high and initial management support low w 5 tmen .Suppn 0 Hipt 5 30 25 20 Time (Month) 35 40 45 50 owm Graph 4: Behavior of management support when impact of adoption high and initial management support low Low impact ofadoption and high initial managementsupport Consider a case where the impact of cloud adoption is low, but the management is highly supportive of the initiative to deploy cloud based services. Here the adoption kicks off, because of the high support rendered by the leadership team, however over a period of time, when the benefits achieved do not meet the expectations of the management, their support reduces. But by this period of time, the adoption has already reached high levels. Thus the management's delay in the realization of low benefits of cloud results in a loss of investment for the organization. 43 Adoption Management Support 0.75 0.5 0.251 U.25 0 5 :0 5 20 25 30 Time (Month) Adoption . LowlipactH ighSupport 35 40 45 50 5 moangcnr Supp U 1 15 wa peig 20 25 30 35 40 45 50 g Graph 5: Behavior of adoption when impact of adoption low and initial management Graph 6: Behavior of management support when impact of adoption low and initial management support high support high Low impact ofadoption and low initialmanagement support With a low impact of adoption and low initial management support, the rate at which cloud systems are installed in the enterprise slows, decreasing the total adoption of cloud systems in the organization. The low impact of adoption further decreases the management support, thereby limiting the total percentage of the IT systems within the organization that are moved to the cloud. Management Support Adoption 0.6 0.4 G.3 0.2Z 0 5 Adopton LwIpr 1035 rtLcwSuppot 20 25 30 Time (Momh 35 40 45 0 50 5 0 5 20 25 3 Tire (Momh) 35 40 45 51 - Graph 7: Behavior of adoption when impact of adoption low and initial management support low Graph 8: Behavior of management support when impact of adoption low and initial management support low Thus this chapter captures the interactions and the causality between the factors influencing the cloud adoption. Using the model, an organization can identify the key levers that impact cloud adoption and take steps that help them bridge the gap between the current and desired states for cloud implementation. This model can also be used to analyze the cloud readiness of organizations, determine the reasons for facing challenges in deploying cloud services and take corrective steps. 44 6. CONCLUSION In conclusion it can be noted that cloud adoption has far reaching effects at an organizational as well as individual employee level. The implications at an employee level encompass both managerial and nonmanagerial. Organizational Implications 1. Cloud purports consolidation and aggregation of the resources. An outcome of this effect is the necessity to standardize business processes and technology across the organization to enable seamless communication across multiple systems. 2. Cloud adoption can support a decision to change the business model. Such a move might entail reorganization of the entire business, so that it reflects the new business model. 3. With the introduction of cloud services and centralization of IT resources, there is a need to define an IT governance arrangement that clearly spells out the decision-making privileges of the individuals and entities within the organization. The governance structure will define which function within the organization holds the power to drive IT initiatives. Based on the Peter Weill's IT governance matrix, it can be seen that a federal or business monarchy structure supports the adoption of cloud. 4. From the financial institution case, it can be observed that some firms might outsource a portion of their current IT operations to an external vendor to leverage their expertise as well create bandwidth for the employees within the organization to focus on operationalizing cloud. 5. With the introduction of cloud, there is an increasing need to upskill the employees on effectively using cloud-based systems and also familiarizing them about IT shared services, virtualization, using multiple technology platforms. Managerial Implications 1. The executives and leaders within the organizations should be clear about the scope and understanding of cloud and their primary motivations of moving to the cloud. 2. They also need to be informed about the various deployment and service models that are available and exercise sufficient due diligence to choose the model that best suits the organizations' requirements. 3. The executives should serve as evangelists of the cloud program. In addition to knowing the benefits that the organization can realize, they need to be cognizant of the challenges unique to each deployment model. For instance in case of private cloud, although it guarantees security, compliance and performance, the organization should have the competence needed to build and manage an in-house cloud system. The public cloud however can introduce issues related to dependency on third parties, security, risks of non- performance or under-performance by the service provider and transfer of control rights. Being cognizant of these potential problems helps the managers anticipate and take corrective actions proactively. 4. Managers should also form centers of excellence and other program offices that handhold the employees during the transition phase and also helps in building in the required skills and capabilities among the employees. 5. In addition to knowing about cloud, managers should also be trained in vendor management. 45 Non-Managerial Implications 1. The non-managerial employees are not impacted much by the control rights, governance and outsourcing issues. However in some cases, the change to cloud will be accompanied by changes in the IT infrastructure - like replacing the physical desktops with thin clients, using virtual servers and also interacting across multiple platforms. These demand a lot of behavioral adjustments from the employees. 2. The employees need to familiarize themselves with the new standards and procedures being followed in the organization. This is especially relevant in the case of hybrid cloud, as employees need to be cognizant of where the service or data is being hosted and what are the standards followed in that cloud center. 3. They also need to develop their skills in provisioning and releasing resources with minimum interaction with the service providers. 46 7. FUTURE WORK The causal loops developed in this paper demonstrate the relationship between the different elements that contribute towards a smooth cloud adoption process. The variables in the model were chosen based on the insights obtained from research articles on cloud computing, existing literature on organizational theories and the case on the large financial institution. The model developed in the paper can be extended to include learning curve effects within the organization. Additionally the model can also be enhanced to examine the impact on outsourcing effectiveness if IT governance structures are not built within the organization. Also, the conceptual models can be calibrated to understand better the impact of each individual factor on cloud adoption. To further add dimensions to the study, additional cases can be studied to determine challenges urnique to specific industries, business models and cloud deployment models. 47 8. REFERENCES Al-Qirim, N. (2012). The strategic outsourcing decision of IT and eCommerce: The case of small businesses in new zealand. Journalof Information Technology Case and Application Research, 5(3), 32-56. Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., et al. (2010). A view of cloud computing. Communications of the ACM, 53(4), 50-5 8. Casciaro, T., & Piskorski, M. J. (2004). Power imbalance AND interorganizational relations: Resource dependence theory revisited. Academy ofManagement, New Orleans, Dahlman, C. J. (1979). The problem of externality. Journal ofLaw and Economics, 22(1), 141-162. Davis, G. F.. & Cobb, J. A. (2010). Resource dependence theory: Past and future. Research in the Sociology of Organizations,28, 21-42. Eisenhardt, K. M. (1989). Agency theory: An assessment and review. Academy ofManagement Review,, 57-74. Goles, T., & Chin, W. W. (2005). Information systems outsourcing relationship factors: Detailed conceptualization and initial evidence. ACM SIGMIS Database,36(4), 47-67. Grover, V., Cheon, M., & Teng, J. (1995). Theoretical perspectives on the outsourcing of information systems. JournalofInformation Technology, , 209-219. Hillman, A. J., Withers, M. C., & Collins, B. J. (2009). Resource dependence theory: A review. Journal ofManagement, 35(6), 1404-1427. Jensen, M. C., & Meckling, W. H. (1976). Theory of the firm: Managerial behavior, agency costs and ownership structure. JournalofFinancialEconomics, 3(4), 305-360. Kahneman, D., Knetsch, J. L., & Thaler, R. H. (1990). Experimental tests of the endowment effect and the coase theorem. JournalofPoliticalEconomy, , 1325-1348. Kahneman, D., Knetsch, J. L., & Thaler, R. H. (1991). Anomalies: The endowment effect, loss aversion, and status quo bias. The JournalofEconomic Perspectives, 5(1), 193-206. Mell, P., & Grance, T. (2011). The NIST definition of cloud computing (draft). NIST SpecialPublication, 800, 145. Mitchell, R. K., Agle, B. R., & Wood, D. J. (1997). Toward a theory of stakeholder identification and salience: Defining the principle of who and what really counts. The Academy ofManagement Review, 22(4), 853-886. Pfeffer, J., & Salancik, G. R. (2003). The external control of organizations:A resource dependence perspective Stanford University Press. Ravichandran, T., Lertwongsatien, C., & LERTWONGSATIEN, C. (2005). Effect of information systems resources and capabilities on firm performance: A resource-based perspective. Journalof ManagementInformation Systems, 21(4), 237-276. Rindfleisch, A., & Heide, J. B. (1997). Transaction cost analysis: Past, present, and future applications. The JournalofMarketing, , 30-54. Samuelson, W., & Zeckhauser, R. (1988). Status quo bias in decision making. JournalofRisk and Uncertainty, 1(1), 7-59. Sterman, J. D. (2000). Business dynamics: Systems thinking and modelingfor a complex world Irwin/McGraw-Hill Boston. Thaler, R. H., Tversky, A., Kahneman, D., & Schwartz, A. (1997). The effect of myopia and loss aversion on risk taking: An experimental test. The QuarterlyJournal ofEconomics, 112(2), 647-661. Tversky, A., & Kahneman, D. (1991). Loss aversion in riskless choice: A reference-dependent model. The QuarterlyJournalofEconomics, 106(4), 1039-1061. Weill, P., & Ross, J. W. (2004). IT governance on one page. CISR WP, 349, 2. Weill, P., & Woodham, R. (2002). State street corporation: Evolving IT governance. Wernerfelt, B. (1984). A resource-based view of the firm. StrategicManagement Journal,5(2), 171-180. 48 Wernerfelt, B. (1995). The resource-based view of the firm: Ten years after. Strategic Management Journal,16(3), 171-174. 49